Why isolation?
Maude runs Claude Code with full system permissions — no approval prompts, no interruptions. This is great for productivity, but it means Claude can read, write, and delete any file it has access to.
Running inside a Docker container keeps your host machine safe. Claude can only access files inside the container.
Step 1 — Create the container
Install Docker Desktop (or OrbStack on macOS), then pick your preferred method:
Run this command in your terminal:
Terminaldocker run -d \
--name maude \
-p 2222:22 \
-v maude-projects:/home/maude/projects \
ubuntu:24.04 bash -c '
apt-get update -qq && \
apt-get install -y -qq openssh-server sudo curl git tmux && \
mkdir -p /run/sshd && \
sed -i "s/#PasswordAuthentication yes/PasswordAuthentication yes/" /etc/ssh/sshd_config && \
sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/" /etc/ssh/sshd_config && \
useradd -m -s /bin/bash maude && \
chown -R maude:maude /home/maude && \
echo "maude:secret-password" | chpasswd && \
echo "maude ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/maude && \
/usr/sbin/sshd -D
'This creates an Ubuntu container with:
- SSH server on port 2222
- User
maudewith passwordsecret-password - Passwordless sudo (needed for installing packages)
- A persistent
maude-projectsvolume for your code - Git, curl, and tmux pre-installed
Tip: Change the password to something else if your
machine is accessible on a network.
Replace "maude:secret-password" with "maude:yourpassword" in the command above.
Step 2 — Test the connection
Verify SSH works from your terminal:
Terminalssh -p 2222 maude@localhost
Enter the password (secret-password) and you should get a shell.
Type exit to disconnect.
Step 3 — Add to Maude
Open Maude and add a new server with these credentials:
| Field | Value |
|---|---|
| Host | localhost (or your Tailscale IP — see below) |
| Port | 2222 |
| Username | maude |
| Password | secret-password |
Maude will install tmux and Claude Code on first connection. Follow the on-screen steps to authenticate with your Claude account.
Step 4 — Connect from anywhere with Tailscale
The setup above works when your phone is on the same network as your computer (e.g. home Wi-Fi). To connect from anywhere, use Tailscale — a free, zero-config VPN.
1 Install Tailscale on your computer
Download from tailscale.com/download
or run brew install --cask tailscale on macOS.
Sign in with Google, GitHub, or another provider.
2 Install Tailscale on your phone
Get the Tailscale app from the App Store or Play Store. Sign in with the same account.
3 Use your Tailscale IP in Maude
Your computer gets a stable Tailscale IP (like 100.64.0.1).
Find it in the Tailscale menu bar app or by running
tailscale ip. Use this IP as the host in Maude instead
of localhost.
That's it. Your phone connects to your computer through Tailscale's encrypted network — no port forwarding, no dynamic DNS, works from anywhere.
Managing the container
Terminal# Stop the container
docker stop maude
# Start it again
docker start maude
# Remove it (projects volume is preserved)
docker rm -f maude
# View logs
docker logs maude
Your projects are stored in a Docker volume (maude-projects),
so they persist even if you remove and recreate the container.